Data encoding in the shell is a quick and reliable way to convert input from one format to another. This is useful either to work out how an application has transformed your input, or to encode your input in such a way that it slips past a security filter. The formats include some valuable ones such as hex, HTML entities, URL encoding, various password representations, common hashes and even some compression encodings. What follows are some of my favourite … →
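As an added example (not code from the original post), the helpers below implement several of the encodings the post lists using only bash, coreutils and sed, so they work on a box where no dedicated encoder is installed. Function names and the sample strings are mine; the double-encoding helper at the end shows the filter-bypass angle the post mentions.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post: encode/decode helpers for
# several of the formats the post lists (hex, URL, HTML entities, Base64 and a
# common hash), built only from bash, coreutils and sed. Everything is done
# byte-wise, so force the C locale; multibyte characters are encoded byte by byte.
export LC_ALL=C

# Hex <-> bytes. od is POSIX; xxd is not always installed.
hex_encode() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }
hex_decode() { printf '%b' "$(printf '%s' "$1" | sed 's/../\\x&/g')"; }

# URL (percent) encoding. Unreserved characters pass through, everything else
# becomes %XX; the "'$c" argument asks printf for the byte value of the character.
url_encode() {
  local s="$1" out="" c i
  for (( i = 0; i < ${#s}; i++ )); do
    c="${s:i:1}"
    case "$c" in
      [a-zA-Z0-9.~_-]) out+="$c" ;;
      *) out+=$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}
# Decoding: '+' is a form-encoded space, then each %XX becomes \xXX for printf %b.
# Caveat: a literal backslash in the input would also be interpreted by %b.
url_decode() { local s="${1//+/ }"; printf '%b' "${s//%/\\x}"; }

# Filters that decode once are bypassed by encoding twice: the filter sees
# %252F, the application decodes it to %2F and then to '/'.
double_url_encode() { url_encode "$(url_encode "$1")"; }

# HTML entity encoding of the five characters that matter when text lands in markup.
# '&' must be handled first or the entities produced afterwards would be re-encoded.
html_encode() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                         -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Base64 (GNU base64 wraps long output, so strip the newlines it inserts).
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }
b64_decode() { printf '%s' "$1" | base64 -d; }

# SHA-256 as lowercase hex; sha256sum is coreutils, shasum is the fallback on BSD/macOS.
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum
  else
    printf '%s' "$1" | shasum -a 256
  fi | cut -d' ' -f1
}

# Usage: ./encode.sh <function> <string>, e.g. ./encode.sh url_encode 'a b&c'
if [ $# -eq 2 ] && declare -F "$1" >/dev/null; then "$1" "$2"; echo; fi
```

The hash helper is the one to reach for when checking how an application stored a password; the encoders are for feeding crafted input back in.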
A Tale of Two Citi(bank)s
It was the best of security, it was the worst of security. This story is not about Citibank, nor London or Paris for that matter, but about two anonymous regional financial institutions that illustrate an interesting aspect of security. Their IT footprints are very similar in terms of staffing, budget, technology deployed, etc., yet one of them runs a remarkably secure IT environment and the other exists in the realm of insecurity. Here we take the opportunity to compare and … →
ActiveX Causing More Trouble
ActiveX seems to be getting some bad press once again, as it's the target of recent exploits. From SANS: “Microsoft mentions that they are aware of active exploits against this vulnerability, although we at the SANS Internet Storm Center haven't seen it used or mentioned in public as of yet, which may tend to indicate it has been used in targeted rather than broad-based attacks. At the moment there is no patch; there is a workaround, and it can … →
Taking the Ethical out of Hacker
Security Review Site Really a Front for a Security Consulting Company? The security space is a very interesting arena. For the customer, it is often very difficult to separate fact from fiction. There are security companies that sell you audits and then sell you their “solutions”. There are security companies with flashy websites and huge marketing campaigns, only to be staffed with sub-par talent and less-than-average processes. There are security companies that praise their technical ability … →
Sed, Grep and Awk
Sed, grep and awk are true *nix tools, known for their awkward names and equally awkward syntax. They offer the most immediate access to regular expressions (REs), which are themselves worth knowing. Even their would-be replacement, Perl, is also known for producing useful yet unreadable code. Though I acknowledge their awkward natures, their usefulness cannot be ignored, and learning how to use each will aid you in your ascension to line-processing supremacy. Each is best used in the following … →
Checking for SSL Vulnerabilities on the Command Line
While Nessus is a wonderful vulnerability scanner, sometimes it is too slow and resource-heavy for individual issues. The following two equivalent scripts perform checks for these SSL-related Nessus plugins: 20007: SSL Version 2 (v2) Protocol Detection; 26928: SSL Weak Cipher Suites Supported; 31705: SSL Anonymous Cipher Suites Supported. The first is the curl version: #!/bin/bash # phaas at redspin.com: Never use sh when bash is necessary # Checks the equivalent of Nessus plugins 20007, 26928 … →
Handling HTTP and SSL in the Shell
The topic of this week's shell1liners is handling HTTP and SSL in Bash: # netcat scanner for HTTP servers (nc -v reports on stderr, so redirect it before grep) for i in $(seq 1 255); do nc -n -v -z "192.168.1.$i" 80 2>&1 | grep "open"; done | tee webservers.txt # Manually perform an HTTP GET request (HTTP line endings are CRLF) echo -ne "GET / HTTP/1.0\r\n\r\n" | nc www.redspin.com 80 # Manually perform an HTTP GET request on an SSL port echo -ne "GET / HTTP/1.0\r\n\r\n" | socat - OPENSSL:www.website.com:443,verify=0 # Create a local TCP … →
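The two posts above (the Nessus-equivalent SSL checks and handling SSL in the shell) both come down to asking a server whether it will complete a handshake under conditions it should refuse: SSLv2, an anonymous suite, a weak or export suite. As an added example, not code from either post, the script below does that with openssl s_client instead of curl. The host and port are command-line assumptions, the function names are mine, and the three s_client transcripts embedded in it are constructed samples used only to check the output parser offline.

```bash
#!/usr/bin/env bash
# Added example, not code from the original posts. One openssl s_client probe
# each for the conditions Nessus plugins 20007 (SSLv2), 31705 (anonymous
# suites) and 26928 (weak/export suites) report. Host and port come from the
# command line; nothing here is tied to a real target.
set -u

# Decide what an s_client transcript means.
#   0 = handshake completed (a real "New, <proto>, Cipher is <suite>" line)
#   1 = the server refused the handshake or the connection
#   2 = this openssl build cannot even attempt the probe (option or cipher
#       list not compiled in); that must never be reported as "not vulnerable"
handshake_ok() {
  local out="$1"
  if grep -qiE 'unknown option|no cipher match|no protocols available' <<<"$out"; then
    return 2
  fi
  # On failure s_client prints "New, (NONE), Cipher is (NONE)", which this
  # pattern deliberately does not match.
  if grep -qE '^New, [^,]+, Cipher is [A-Z0-9_-]+' <<<"$out"; then
    return 0
  fi
  return 1
}

# One s_client run. stdin is closed so s_client exits as soon as the
# handshake result is known instead of waiting for a request to send.
probe() {
  local host="$1" port="$2"; shift 2
  openssl s_client -connect "${host}:${port}" "$@" </dev/null 2>&1
}

# Run the three checks against one host, one result line per check.
# -no_tls1_3 matters: a TLS 1.3 server ignores -cipher and would otherwise
# negotiate a TLS 1.3 suite, turning the anonymous/weak probes into false positives.
# Returns 0 when nothing was found, 1 when at least one check fired.
check_host() {
  local host="$1" port="${2:-443}" entry label opts out rc found=0
  local -a checks=(
    "20007 SSLv2 protocol accepted|-ssl2"
    "31705 anonymous cipher suite accepted|-cipher aNULL -no_tls1_3"
    "26928 weak/export cipher suite accepted|-cipher LOW:EXPORT -no_tls1_3"
  )
  for entry in "${checks[@]}"; do
    label="${entry%%|*}"; opts="${entry#*|}"
    # shellcheck disable=SC2086  # opts is a deliberately word-split option list
    out=$(probe "$host" "$port" $opts); rc=0
    handshake_ok "$out" || rc=$?
    case $rc in
      0) printf 'FAIL  %s:%s  %s\n' "$host" "$port" "$label"; found=1 ;;
      1) printf 'ok    %s:%s  %s\n' "$host" "$port" "$label" ;;
      2) printf 'SKIP  %s:%s  %s (not testable with this openssl build)\n' "$host" "$port" "$label" ;;
    esac
  done
  return $found
}

# Constructed, trimmed s_client transcripts (not captured from a real host)
# so the parser can be checked without network access.
SAMPLE_OK=$'CONNECTED(00000003)\n---\nNew, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256\n    Protocol  : TLSv1.2\n    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_REFUSED=$'CONNECTED(00000003)\nerror:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure\n---\nNew, (NONE), Cipher is (NONE)\n    Cipher    : 0000'
SAMPLE_NOPROBE=$'s_client: Unknown option: -ssl2\ns_client: Use -help for summary.'

self_test() {
  local rc
  handshake_ok "$SAMPLE_OK" || return 1
  rc=0; handshake_ok "$SAMPLE_REFUSED" || rc=$?; [ "$rc" -eq 1 ] || return 1
  rc=0; handshake_ok "$SAMPLE_NOPROBE" || rc=$?; [ "$rc" -eq 2 ] || return 1
  return 0
}

# Usage: ./sslcheck.sh host [port]   (with no arguments only the parser self-test runs)
if [ $# -ge 1 ]; then
  check_host "$@"
else
  self_test && echo "parser self-test passed" >&2
fi
```

A SKIP line is the caveat worth reading twice: current OpenSSL builds ship without SSLv2 and without export suites, so from such a box those two plugins cannot be reproduced, and the absence of a FAIL there says nothing about the server. Older OpenSSL rejects -no_tls1_3 the same way, which also surfaces as SKIP rather than a silent pass.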
Simple Network Management Protocol – SNMPv3
SNMP, or Simple Network Management Protocol, has been the go-to management protocol of choice for years. As its name declares, it is a simple and efficient way to monitor hosts. Almost everything is SNMP-capable these days, from servers to switches and from firewalls to routers; even most UPSs and A/C units have it built in. Most installs of SNMP default to SNMPv2c, which is dated technology: the community string is the only authentication and it travels in cleartext. SNMPv3, finalized as a full Internet Standard in 2004, was introduced as a replacement for v2, touting increased security … →
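The move from v2c to v3 is mostly a configuration change on the agent. As an added example, not from the original post, the net-snmp snmpd.conf fragment below shows the dated default beside the SNMPv3 replacement; the user name and both passphrases are placeholders, not values from the post.

```conf
# Added example, not from the original post: net-snmp snmpd.conf fragment.

# BEFORE (typical default): SNMPv2c, read-only access for anyone on the
# network who knows, or guesses, the community string, which is sent in cleartext.
rocommunity public

# AFTER: no v1/v2c community at all. One SNMPv3 user with authentication (SHA)
# and privacy (AES). Both passphrases are placeholder assumptions and must be
# replaced. createUser is read once at startup and rewritten as localized keys
# in the persistent store, so the cleartext passphrases should not stay in this
# file afterwards.
createUser monitor SHA "replace-with-auth-passphrase" AES "replace-with-priv-passphrase"

# Grant that user read-only access, and only when the request is both
# authenticated and encrypted (noAuthNoPriv and authNoPriv are weaker levels).
rouser monitor authpriv

# Verify from a client, then confirm the v2c community no longer answers:
#   snmpwalk -v3 -l authPriv -u monitor -a SHA -A '<auth>' -x AES -X '<priv>' <host> system
#   snmpwalk -v2c -c public <host> system     (must time out / be refused)
```

The second snmpwalk is the check that matters: leaving the rocommunity line in place alongside the v3 user gives the appearance of SNMPv3 while the cleartext path stays open.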